Format: 1.8
Date: Thu, 16 Aug 2012 17:06:20 -0500
Source: postgresql-9.1
Binary: libpq-dev libpq5 libecpg6 libecpg-dev libecpg-compat3 libpgtypes3 postgresql-9.1 postgresql-9.1-dbg postgresql-client-9.1 postgresql-server-dev-9.1 postgresql-doc-9.1 postgresql-contrib-9.1 postgresql-plperl-9.1 postgresql-plpython-9.1 postgresql-pltcl-9.1
Architecture: amd64 amd64_translations
Version: 9.1.5-0ubuntu11.10
Distribution: oneiric
Urgency: low
Maintainer: Ubuntu/amd64 Build Daemon
Changed-By: Jamie Strandboge
Description:
 libecpg-compat3 - older version of run-time library for ECPG programs
 libecpg-dev - development files for ECPG (Embedded PostgreSQL for C)
 libecpg6 - run-time library for ECPG programs
 libpgtypes3 - shared library libpgtypes for PostgreSQL 9.1
 libpq-dev - header files for libpq5 (PostgreSQL library)
 libpq5 - PostgreSQL C client library
 postgresql-9.1 - object-relational SQL database, version 9.1 server
 postgresql-9.1-dbg - debug symbols for postgresql-9.1
 postgresql-client-9.1 - front-end programs for PostgreSQL 9.1
 postgresql-contrib-9.1 - additional facilities for PostgreSQL
 postgresql-doc-9.1 - documentation for the PostgreSQL database management system
 postgresql-plperl-9.1 - PL/Perl procedural language for PostgreSQL 9.1
 postgresql-plpython-9.1 - PL/Python procedural language for PostgreSQL 9.1
 postgresql-pltcl-9.1 - PL/Tcl procedural language for PostgreSQL 9.1
 postgresql-server-dev-9.1 - development files for PostgreSQL 9.1 server-side programming
Changes:
 postgresql-9.1 (9.1.5-0ubuntu11.10) oneiric-security; urgency=low
 .
   * New upstream bug fix/security release:
     - Prevent access to external files/URLs via XML entity references
       (Noah Misch, Tom Lane)
       xml_parse() would attempt to fetch external files or URLs as needed
       to resolve DTD and entity references in an XML value, thus allowing
       unprivileged database users to attempt to fetch data with the
       privileges of the database server. While the external data wouldn't
       get returned directly to the user, portions of it could be exposed
       in error messages if the data didn't parse as valid XML; and in any
       case the mere ability to check existence of a file might be useful
       to an attacker. (CVE-2012-3489)
     - Prevent access to external files/URLs via "contrib/xml2"'s
       xslt_process() (Peter Eisentraut)
       libxslt offers the ability to read and write both files and URLs
       through stylesheet commands, thus allowing unprivileged database
       users to both read and write data with the privileges of the
       database server. Disable that through proper use of libxslt's
       security options. (CVE-2012-3488)
       Also, remove xslt_process()'s ability to fetch documents and
       stylesheets from external files/URLs. While this was a documented
       "feature", it was long regarded as a bad idea. The fix for
       CVE-2012-3489 broke that capability, and rather than expend effort
       on trying to fix it, we're just going to summarily remove it.
     - Prevent too-early recycling of btree index pages (Noah Misch)
       When we allowed read-only transactions to skip assigning XIDs, we
       introduced the possibility that a deleted btree page could be
       recycled while a read-only transaction was still in flight to it.
       This would result in incorrect index search results. The
       probability of such an error occurring in the field seems very low
       because of the timing requirements, but nonetheless it should be
       fixed.
     - Fix crash-safety bug with newly-created-or-reset sequences
       (Tom Lane)
       If "ALTER SEQUENCE" was executed on a freshly created or reset
       sequence, and then precisely one nextval() call was made on it, and
       then the server crashed, WAL replay would restore the sequence to a
       state in which it appeared that no nextval() had been done, thus
       allowing the first sequence value to be returned again by the next
       nextval() call. In particular this could manifest for serial
       columns, since creation of a serial column's sequence includes an
       "ALTER SEQUENCE OWNED BY" step.
     - Fix race condition in enum-type value comparisons (Robert Haas,
       Tom Lane)
       Comparisons could fail when encountering an enum value added since
       the current query started.
     - Fix txid_current() to report the correct epoch when not in hot
       standby (Heikki Linnakangas)
       This fixes a regression introduced in the previous minor release.
     - Prevent selection of unsuitable replication connections as the
       synchronous standby (Fujii Masao)
       The master might improperly choose pseudo-servers such as
       pg_receivexlog or pg_basebackup as the synchronous standby, and
       then wait indefinitely for them.
     - Fix bug in startup of Hot Standby when a master transaction has
       many subtransactions (Andres Freund)
       This mistake led to failures reported as "out-of-order XID
       insertion in KnownAssignedXids".
     - Ensure the "backup_label" file is fsync'd after pg_start_backup()
       (Dave Kerr)
     - Fix timeout handling in walsender processes (Tom Lane)
       WAL sender background processes neglected to establish a SIGALRM
       handler, meaning they would wait forever in some corner cases where
       a timeout ought to happen.
     - Wake walsenders after each background flush by walwriter
       (Andres Freund, Simon Riggs)
       This greatly reduces replication delay when the workload contains
       only asynchronously-committed transactions.
     - Fix LISTEN/NOTIFY to cope better with I/O problems, such as out of
       disk space (Tom Lane)
       After a write failure, all subsequent attempts to send more NOTIFY
       messages would fail with messages like "Could not read from file
       "pg_notify/nnnn" at offset nnnnn: Success".
     - Only allow autovacuum to be auto-canceled by a directly blocked
       process (Tom Lane)
       The original coding could allow inconsistent behavior in some
       cases; in particular, an autovacuum could get canceled after less
       than deadlock_timeout grace period.
     - Improve logging of autovacuum cancels (Robert Haas)
     - Fix log collector so that log_truncate_on_rotation works during the
       very first log rotation after server start (Tom Lane)
     - Fix WITH attached to a nested set operation
       (UNION/INTERSECT/EXCEPT) (Tom Lane)
     - Ensure that a whole-row reference to a subquery doesn't include any
       extra GROUP BY or ORDER BY columns (Tom Lane)
     - Fix dependencies generated during ALTER TABLE ... ADD CONSTRAINT
       USING INDEX (Tom Lane)
       This command left behind a redundant pg_depend entry for the index,
       which could confuse later operations, notably ALTER TABLE ... ALTER
       COLUMN TYPE on one of the indexed columns.
     - Fix "REASSIGN OWNED" to work on extensions (Alvaro Herrera)
     - Disallow copying whole-row references in CHECK constraints and
       index definitions during "CREATE TABLE" (Tom Lane)
       This situation can arise in "CREATE TABLE" with LIKE or INHERITS.
       The copied whole-row variable was incorrectly labeled with the row
       type of the original table not the new one. Rejecting the case
       seems reasonable for LIKE, since the row types might well diverge
       later. For INHERITS we should ideally allow it, with an implicit
       coercion to the parent table's row type; but that will require more
       work than seems safe to back-patch.
     - Fix memory leak in ARRAY(SELECT ...) subqueries (Heikki
       Linnakangas, Tom Lane)
     - Fix planner to pass correct collation to operator selectivity
       estimators (Tom Lane)
       This was not previously required by any core selectivity estimation
       function, but third-party code might need it.
     - Fix extraction of common prefixes from regular expressions
       (Tom Lane)
       The code could get confused by quantified parenthesized
       subexpressions, such as ^(foo)?bar. This would lead to incorrect
       index optimization of searches for such patterns.
     - Fix bugs with parsing signed "hh":"mm" and "hh":"mm":"ss" fields in
       interval constants (Amit Kapila, Tom Lane)
     - Fix pg_dump to better handle views containing partial GROUP BY
       lists (Tom Lane)
       A view that lists only a primary key column in GROUP BY, but uses
       other table columns as if they were grouped, gets marked as
       depending on the primary key. Improper handling of such primary key
       dependencies in pg_dump resulted in poorly-ordered dumps, which at
       best would be inefficient to restore and at worst could result in
       outright failure of a parallel pg_restore run.
     - In PL/Perl, avoid setting UTF8 flag when in SQL_ASCII encoding
       (Alex Hunsaker, Kyotaro Horiguchi, Alvaro Herrera)
     - Use Postgres' encoding conversion functions, not Python's, when
       converting a Python Unicode string to the server encoding in
       PL/Python (Jan Urbanski)
       This avoids some corner-case problems, notably that Python doesn't
       support all the encodings Postgres does. A notable functional
       change is that if the server encoding is SQL_ASCII, you will get
       the UTF-8 representation of the string; formerly, any non-ASCII
       characters in the string would result in an error.
     - Fix mapping of PostgreSQL encodings to Python encodings in
       PL/Python (Jan Urbanski)
     - Report errors properly in "contrib/xml2"'s xslt_process()
       (Tom Lane)
     - Update time zone data files to tzdata release 2012e for DST law
       changes in Morocco and Tokelau
Original-Maintainer: Martin Pitt